Cybersecurity awareness descends on Washington

By Amber Corrin

Oct 05, 2012

Inside the Beltway, anyone not talking about the elections seems to be discussing cyber, and for good reason. Cybersecurity Awareness Month kicked off as of Oct. 1, and federal officials have wasted no time in making the rounds.

Throughout the week, high-level officials made appearances to talk cyber, including Gen. Keith Alexander, commander of U.S. Cyber Command and National Security Agency director, Homeland Security Secretary Janet Napolitano and several members of Congress.

The general theme seemed to be calls for partnership to secure U.S. interests in cyberspace, particularly critical infrastructure. In two appearances this week – a rarity – Alexander repeatedly called on agencies to collaborate with each other and the private sector to better share information for the sake of national security.

“Our country … built this Internet and all the stuff that goes with it, and it is absolutely superb,” Alexander said in his second appearance of the week, at an Oct. 4 cybersecurity event hosted by the U.S. Chamber of Commerce in Washington. “We’re the nation that developed the Internet; we ought to be the first to secure it.”

On Sept. 28 Napolitano, speaking at a GovExec event in Washington, said White House officials are close to finishing an executive order on cybersecurity, a measure being taken in the wake of cybersecurity legislation failing in Congress last month. Republicans have been vocal in their opposition to the executive measure, pressing the Obama administration to allow the House and Senate work through the legislative processes.

Napolitano also highlighted the need for a more cyber-savvy workforce, noting that DHS is working on training and hiring staff with cyber expertise. Her remarks were reinforced by a report from the DHS Task Force on CyberSkills, which outlined recommendations for beefing up the cyber ranks in government, including a call to hire 600 “federal employees with mission-critical skills.”

The report contains eleven recommendations grouped under five separate objectives, including the hiring of cyber-skilled staff with “high proficiency” in mission-critical areas; developing and maintaining advanced skills in DHS employees; expanding the pipeline of talent through “innovative partnerships;” and establishing a “cyber reserve” of technically proficient cybersecurity staff that can be tapped when needed.

However, not everyone is in favor of DHS’ potential lead on government cybersecurity. Although Alexander said he believes DHS should spearhead federal efforts, including for transparency purposes, his overtures coincided with the release of a damning congressional report that found DHS wasted taxpayer dollars on a botched intelligence-sharing program that collected information on U.S. citizens.

It wasn’t the only bad news in federal cybersecurity that emerged along with the national attention. On Sept. 30 it was reported by the Washington Beacon that Chinese hackers breached a White House military office network. According to published reports, a White House official confirmed the breach did happen but said there was no damage from the apparent spear-phishing attack.

“These types of attacks are not infrequent and we have mitigation measures in place,” the official said in statement to The Hill.

At the Chamber of Commerce event, Rep. Mike Rogers (R-Mich.) also expressed concerns about an Iranian cyber threat.

“I think they’re (Iran) closer than we'd all like them to be to come in and cause trouble on our financial services networks,” Rogers said, according to Business Insider.

Previously, at the GovExec event, Rogers railed against the theft of intellectual property that is costing the U.S. heavily in losses of both financial and innovation – a serious problem with cyber espionage he described as “death by a thousand cuts.”

The Census Bureau hasn't established a time frame for its cloud computing plans, including testing for scalability, security, and privacy protection, as well as determining a budget for cloud services.